PROD_ORIGIN

.env.example

@@ -1,7 +1,7 @@
 # openssl rand -hex 24
 AUTH_SECRET=areallylongsecretthatyoushouldreplace
 INTERNAL_SECRET=areallylongsecretthatyoushouldreplace
-VITE_PROD_URL=http://localhost:3000
+PROD_ORIGIN=http://localhost:3000
 MDM_URL=http://localhost:8005
 EMAIL_URL=http://localhost:3002
 DATABASE_URL='mysql://todo:[email protected]/todo?ssl={"rejectUnauthorized":true}'

apps/web/src/api/rest/enrollment.tsx

@@ -82,7 +82,7 @@ export const enrollmentRouter = new Hono()
 		const params = new URLSearchParams({
 			client_id: env.ENTRA_CLIENT_ID,
 			scope: "https://graph.microsoft.com/.default",
-			redirect_uri: `${env.VITE_PROD_URL}/api/enrollment/callback`,
+			redirect_uri: `${env.PROD_ORIGIN}/api/enrollment/callback`,
 			response_type: "code",
 			response_mode: "query",
 			login_hint: email,
@@ -124,7 +124,7 @@ export const enrollmentRouter = new Hono()
 					client_id: env.ENTRA_CLIENT_ID,
 					client_secret: env.ENTRA_CLIENT_SECRET,
 					scope: "https://graph.microsoft.com/.default",
-					redirect_uri: `${env.VITE_PROD_URL}/api/enrollment/callback`,
+					redirect_uri: `${env.PROD_ORIGIN}/api/enrollment/callback`,
 					grant_type: "authorization_code",
 					code,
 				}),

apps/web/src/api/rest/ms.ts

@@ -51,7 +51,7 @@ export const msRouter = new Hono<HonoEnv>()
 			const params = new URLSearchParams({
 				client_id: env.ENTRA_CLIENT_ID,
 				prompt: "login",
-				redirect_uri: `${env.VITE_PROD_URL}/api/ms/link`,
+				redirect_uri: `${env.PROD_ORIGIN}/api/ms/link`,
 				resource: "https://graph.microsoft.com",
 				response_type: "code",
 				state,
@@ -111,7 +111,7 @@ export const msRouter = new Hono<HonoEnv>()
 				client_secret: env.ENTRA_CLIENT_SECRET,
 				scope: "offline_access https://graph.microsoft.com/.default",
 				code: code,
-				redirect_uri: `${env.VITE_PROD_URL}/api/ms/link`,
+				redirect_uri: `${env.PROD_ORIGIN}/api/ms/link`,
 				grant_type: "authorization_code",
 			});
 
@@ -206,7 +206,7 @@ export const msRouter = new Hono<HonoEnv>()
 
 			let skipSubscription = false;
 			try {
-				const url = new URL(env.VITE_PROD_URL);
+				const url = new URL(env.PROD_ORIGIN);
 				if (url.hostname === "localhost") {
 					skipSubscription = true;
 				}
@@ -217,8 +217,8 @@ export const msRouter = new Hono<HonoEnv>()
 					.api("/subscriptions")
 					.post({
 						changeType: "created,updated,deleted",
-						notificationUrl: `${env.VITE_PROD_URL}/api/webhook/microsoft-graph`,
-						lifecycleNotificationUrl: `${env.VITE_PROD_URL}/api/webhook/microsoft-graph/lifecycle`,
+						notificationUrl: `${env.PROD_ORIGIN}/api/webhook/microsoft-graph`,
+						lifecycleNotificationUrl: `${env.PROD_ORIGIN}/api/webhook/microsoft-graph/lifecycle`,
 						resource: "/users",
 						expirationDateTime: new Date(
 							new Date().getTime() + 1000 * 60 * 60 * 24 * 25, // 25 days

apps/web/src/api/trpc/routers/org/admins.ts

@@ -82,7 +82,7 @@ export const adminsRouter = createTRPCRouter({
 				type: "tenantAdminInvite",
 				invitedByEmail: ctx.account.email,
 				tenantName: org.name,
-				inviteLink: `${env.VITE_PROD_URL}/invite/organisation/${code}`,
+				inviteLink: `${env.PROD_ORIGIN}/invite/organisation/${code}`,
 			});
 		}),
 

apps/web/src/api/trpc/routers/org/billing.ts

@@ -46,7 +46,7 @@ export const billingRouter = createTRPCRouter({
 
 		const body = new URLSearchParams({
 			customer: customerId,
-			return_url: `${env.VITE_PROD_URL}/o/${ctx.org.slug}/settings`,
+			return_url: `${env.PROD_ORIGIN}/o/${ctx.org.slug}/settings`,
 		});
 
 		const resp = await fetch(

apps/web/src/app/(dash)/o.[orgSlug]/t.[tenantSlug]/settings/identity-provider.tsx

@@ -91,7 +91,7 @@ function IdentityProviderCard() {
 				// This `setTimeout` causes Safari's popup blocker to not active.
 				setTimeout(() => {
 					const popupWindow = window.open(
-						`${env.VITE_PROD_URL}/api/ms/popup?state=${state}`,
+						`${location.origin}/api/ms/popup?state=${state}`,
 						"entraOAuth",
 						"toolbar=no, menubar=no, width=600, height=700, top=100, left=100",
 					);

apps/web/src/app/api/cli/auth/index.ts

@@ -14,7 +14,7 @@ export async function POST() {
 	await db.insert(cliAuthCodes).values({ code: id });
 
 	return Response.json({
-		url: `${env.VITE_PROD_URL}/cli/${id}`,
+		url: `${env.PROD_ORIGIN}/cli/${id}`,
 		jwt: await signJWT({ code: id }),
 	});
 }

apps/web/src/env.ts

@@ -2,42 +2,41 @@ import { createEnv } from "@t3-oss/env-core";
 import { z } from "zod";
 
 function optional_in_dev<T extends z.ZodTypeAny>(
-  schema: T,
+	schema: T,
 ): z.ZodOptional<T> | T {
-  return process.env.NODE_ENV === "development" ? schema.optional() : schema;
+	return process.env.NODE_ENV === "development" ? schema.optional() : schema;
 }
 
 export const env = createEnv({
-  server: {
-    // Used to secure the session for the dashboard
-    AUTH_SECRET: z.string(),
-    // Used to secure the JWT's used for MDM authentication
-    // This is shared with Rust so both sides can sign/verify JWT's
-    //
-    // This token is also used to authenticate `apps/web` with the Rust code when making HTTP requests
-    INTERNAL_SECRET: z.string(),
-    DATABASE_URL: z.string(),
-    MDM_URL: z.string(),
-    FROM_ADDRESS: z.string(),
-    // Emails and other AWS services
-    // Get these values from the output of the Cloudformation template
-    AWS_ACCESS_KEY_ID: optional_in_dev(z.string()),
-    AWS_SECRET_ACCESS_KEY: optional_in_dev(z.string()),
-    // Stipe billing
-    STRIPE_PUBLISHABLE_KEY: z.string(),
-    STRIPE_SECRET_KEY: z.string(),
-    // Used for syncing users from Entra to Mattrax
-    ENTRA_CLIENT_ID: z.string(),
-    ENTRA_CLIENT_SECRET: z.string(),
-    NODE_ENV: z.enum(["development", "production"]).default("development"),
-    FEEDBACK_DISCORD_WEBHOOK_URL: z.string().optional(),
-    WAITLIST_DISCORD_WEBHOOK_URL: z.string().optional(),
-  },
-  clientPrefix: "VITE_",
-  client: {
-    VITE_PROD_URL: z.string(),
-  },
-  // We need to manually list the env's for the frontend bundle
-  runtimeEnv: { VITE_PROD_URL: import.meta.env?.VITE_PROD_URL, ...process.env },
-  emptyStringAsUndefined: true,
+	server: {
+		// Used to secure the session for the dashboard
+		AUTH_SECRET: z.string(),
+		// Used to secure the JWT's used for MDM authentication
+		// This is shared with Rust so both sides can sign/verify JWT's
+		//
+		// This token is also used to authenticate `apps/web` with the Rust code when making HTTP requests
+		INTERNAL_SECRET: z.string(),
+		DATABASE_URL: z.string(),
+		MDM_URL: z.string(),
+		PROD_ORIGIN: z.string(),
+		FROM_ADDRESS: z.string(),
+		// Emails and other AWS services
+		// Get these values from the output of the Cloudformation template
+		AWS_ACCESS_KEY_ID: optional_in_dev(z.string()),
+		AWS_SECRET_ACCESS_KEY: optional_in_dev(z.string()),
+		// Stipe billing
+		STRIPE_PUBLISHABLE_KEY: z.string(),
+		STRIPE_SECRET_KEY: z.string(),
+		// Used for syncing users from Entra to Mattrax
+		ENTRA_CLIENT_ID: z.string(),
+		ENTRA_CLIENT_SECRET: z.string(),
+		NODE_ENV: z.enum(["development", "production"]).default("development"),
+		FEEDBACK_DISCORD_WEBHOOK_URL: z.string().optional(),
+		WAITLIST_DISCORD_WEBHOOK_URL: z.string().optional(),
+	},
+	clientPrefix: "VITE_",
+	client: {},
+	// We need to manually list the env's for the frontend bundle
+	runtimeEnv: process.env,
+	emptyStringAsUndefined: true,
 });

infra/sst.config.ts

@@ -221,7 +221,7 @@ function WebPagesProject({
 				.value,
 			WAITLIST_DISCORD_WEBHOOK_URL: new sst.Secret("WaitlistDiscordWebhookURL")
 				.value,
-			VITE_PROD_URL: `https://${PROD_HOST}`,
+			PROD_ORIGIN: `https://${PROD_HOST}`,
 		},
 		failOpen: true,
 		placement: { mode: "smart" },